Consistently use RAND_bytes and check for failure.

RAND_pseudo_bytes just calls RAND_bytes now and only returns 0 or 1. Switch all callers within the library to call the new one and use the simpler failure check. This fixes a few error checks that no longer work (< 0) and some missing ones.

Change-Id: Id51c79deec80075949f73fa1fbd7b76aac5570c6
Reviewed-on: https://boringssl-review.googlesource.com/2621
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/cipher/e_aes.c b/crypto/cipher/e_aes.c index 64a0ee8..e4d3b8a 100644 --- a/crypto/cipher/e_aes.c +++ b/crypto/cipher/e_aes.c
@@ -448,8 +448,7 @@ if (arg) { memcpy(gctx->iv, ptr, arg); } - if (c->encrypt && - RAND_pseudo_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0) { + if (c->encrypt && !RAND_bytes(gctx->iv + arg, gctx->ivlen - arg)) { return 0; } gctx->iv_gen = 1;
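Review bot: in the crypto/cipher/e_aes.c hunk, the length passed to RAND_bytes is `gctx->ivlen - arg`, and nothing in the visible context bounds `arg` against `gctx->ivlen` before the memcpy or the subtraction. If the range check sits above the hunk, that is fine; otherwise add one before the memcpy, since a value of `arg` larger than `gctx->ivlen` would make the memcpy write past the IV and would yield a wrong length for the random fill. The new `!RAND_bytes(...)` test is correct only under the 0-or-1 return contract the commit message describes, so it would help to state that contract in the RAND_bytes documentation so that callers do not reintroduce `<= 0` or `< 0` comparisons. Note also that on the failure path the fixed part of the IV has already been copied into `gctx->iv` while `gctx->iv_gen` stays unset; this looks intentional but deserves a one-line comment.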